You Ask, Ballmer Answers

What name is synonymous with Microsoft? If you answered Bill Gates, you're only half right. When Gates took on the role of chief software architect, he left Steve Ballmer to call the shots day-to-day.

Since Ballmer took over as CEO in early 2000, he has slowly assumed the public mantle of leadership while longtime partner Gates focuses on technology. With that in mind, we surveyed our readers and found out what you wanted to hear from Steve.

We pored through dozens of questions and chose 10 to pose to the Microsoft CEO,
on topics ranging from software licensing and security to certifications and (gulp) Linux.

Ballmer lived up to his reputation by handling concerns in his straight-ahead manner. And thanks to you for such great questions.

MCP: How is Microsoft evolving?

Ballmer: One of the things about Microsoft that has served us well is that we're a learning organization. By that, I mean we are willing to try new things, make the big bets, learn from what works and what doesn't, and continue to evolve in terms of our business and our culture.

From a business perspective, we've obviously evolved a lot over the last three decades, from a tools and DOS company, to the Windows company, to a much broader, integrated platform business serving consumers, the enterprise, small business, etc.

Throughout the years, we've consistently maintained a focus on the long-term value of R&D. This has enabled us to continue to innovate and evolve our flagship products—Windows client and server, Office and our enterprise server apps. Today, we're investing for the long-term in emerging businesses as well, which we believe hold great promise—MSN, mobility, Xbox, business solutions for the small- and mid-market.

In the last few years, our product strategy and roadmap has become super-focused on delivering value through an integrated platform. No other company is making the kind of investment we are, or is as committed to delivering the value of an end-to-end technology platform that scales and integrates seamlessly from handheld devices to servers, and which takes a comprehensive approach to issues such as security, manageability and reliability.

Looking ahead, I am genuinely optimistic about our future. We're continuing to build from a very strong foundation of technologies today in products like Windows XP, Office 2003, Windows Server 2003, Small Business Server 2003, Exchange 2003, the Tablet PC, MSN 9.0, and Smartphone. And we have a super strong line-up coming in the next few years—Windows XP SP2, SQL Server 2005, Longhorn client and server, the next version of Visual Studio .NET, the next-gen Xbox console, etc.

So I strongly believe that our growth prospects through this decade are solid. At the same time, we have put many legal issues behind us, we are working to reinvigorate our relationships with partners and developers worldwide, and are even collaborating with many of the companies with which we compete, such as IBM, Sun and AOL.

So overall, I feel very good about our ability to continue to evolve and grow in a changing environment.

MCP: What poses the greatest information security risk to the global network today and how is Microsoft attempting to mitigate this risk?

Ballmer: Clearly, malicious worms and viruses have become more sophisticated and will continue to evolve. The Blaster worm, for example, hijacked individual computers, turning innocent users into unknowing propagators of worms. These kinds of “swarming” attacks are intentionally coordinated by their perpetrators to cause multiplied, cascading effects, and is on a much bigger scale in terms of the damage they can do [as compared to previous worms]. Most people can help protect themselves by using the tools available today—a firewall, updating their software, and using an up-to-date antivirus program.

As I mentioned earlier, we are working on important new technologies that will make it easier for customers to isolate their computers, make computers more resilient to attack, enhance software quality, make it easier to keep software up to date, and strengthen user authentication and access control. Over time, we envision that active protection technologies will be designed to run on Windows-based computers in a network—servers, desktops and laptops—and will proactively adjust computer defenses based on state changes, contain the impact and spread of worms and viruses, and prevent known attacks from compromising the system.

MCP: How do you balance the desire for more features and integration between components with the need for security? Are there tradeoffs?

Ballmer: Innovation and security are not mutually exclusive. In fact, some of the most innovative work we're doing at Microsoft is in the area of security. Our work is focused in four areas. The centerpiece is something we talk about in terms of isolation—preventing malicious code from getting into computers, and beyond that, making computers more resilient when they're attacked. We're also focused on making it easier to keep software up to date, on improving the quality of software, and on strengthening the tools for keeping intruders out—what we call authentication and access control.

Windows XP SP2 will include a number of key security advances: A protective firewall will be turned on automatically, reducing the attack surface of PCs and networks. Internet Explorer will automatically block unwanted pop-ups or downloads from Web sites; e-mail and instant messaging will handle file attachments in better, safer ways. And new technology will help keep worms and viruses from exploiting buffer overruns. Later this year, we'll be releasing similar advances for Windows Server 2003, plus other technologies that will give IT administrators more control over how servers are configured, to make them more secure. We'll also release new, stronger firewall protection for networks.

A bit further out, we're working on major advances in what we call active protection technologies. The idea here is to make computers resilient in the presence of increasingly sophisticated worms and viruses. For example, we are working on behavior blocking technologies, which can indicate suspicious behavior before a computer is infected.

Internally, we have undertaken a rigorous initiative for engineering excellence, so that every one of our engineers understands and uses best practices in software design, development, testing and release. We're offering security training to software developers outside of Microsoft as well, and providing prescriptive guidance to our partners and customers. We also have new software development tools that automatically check code for common errors, and test it more thoroughly before it's released. We're using these tools in developing our new products, and we'll also soon be offering them to other software developers. Detailed information about our security efforts is available at http://microsoft.com/security.

MCP: What is Microsoft doing to improve product licensing?

Ballmer: We've developed a variety of flexible licensing programs that will help our customers plan for and achieve their IT goals and at the same time increase the ROI of their software investments with Microsoft. We've made several changes based on what customers have told us. For example, we have added a maintenance offering, called Software Assurance, which far exceeds the traditional upgrade and support contracts within the industry. It's a collection of deployment tools, training, support, employee discounts and product upgrades that provide substantive and measurable business value and help our customers reduce costs.

We have also made several contract changes to expand the scope of protection for our customer's intellectual property to cover trade secret and trademark claims and remove the liability cap around intellectual property. Our product warranties have also been extended from the previous 90 days to one full year, and we have increased the audit notice period from 15 days to 30 days.

In 2003, we offered additional flexibility through the way we license a number of our server application products. Application Center, BizTalk Server, Internet Security & Acceleration Server [ISA] and SQL, among others, can be licensed per processor to give customers the choice to license in a per processor mode when partitioning.

For our small and mid-market customers we designed a new payment plan called Open Value, to enable payments for software licenses to be spread across the term of their contract with no interest fees. This is great for small and medium organizations, as they can also take advantage of the training vouchers, eLearning Home Use Program, spread payments and other benefits found in Software Assurance.

Microsoft Volume Licensing Services (https://licensing.microsoft.com/) is an online resource we've improved to help customers manage their Microsoft licensing agreements and access their order information and purchase history. From this site, customers can view their licensing information easily and in one place, including details about their Volume License agreements, license orders, and Volume License Product Keys. Customers also can find answers to questions and download software.

The goal was to build a licensing framework that provides flexibility and choice to meet different types of customer business needs in today's economy. We still have work to do here but I believe we are moving in the right direction.

MCP: What steps is Microsoft taking to fight spam?

Ballmer: We're battling spam on many fronts, through innovation in our software, industry cooperation, law enforcement and consumer education. We've deployed our new SmartScreen filtering technology across all e-mail platforms, and we're continuing to enhance our filtering technologies to defeat increasingly sophisticated spamming techniques. We've developed a system analogous to Caller ID that will enable ISPs to identify spammers and block them. We've gotten together with AOL, Earthlink and other ISPs to build a broad antispam alliance. We recently joined with them in filing suit against six of the world's largest spammers under the new federal antispam law, which we actively supported. To be effective, an antispam strategy must attack the problem in all these different ways. We're dedicating substantial resources and making significant progress in each of these areas.

MCP: What are Microsoft's thoughts regarding Linux?

Ballmer: In an era of increasing IT complexity and limited budgets, customers are looking for cost-effective, secure and easily manageable IT solutions. Our focus is on delivering these through an integrated platform—client and server operating systems, client and server applications, and programming tools—that integrate seamlessly and scale from the enterprise to the desktop to wireless mobile devices. The other key to this is a comprehensive approach to critical issues like security, manageability and reliability.

As commercial vendors increasingly lead the promotion of Linux, we now see customers beginning to view Linux vendors like other commercial software providers—focusing on the best platform overall in terms of value, integration, interoperability, support, security, manageability and reliability.

MCP: What is Microsoft doing to promote the technical professional community and the value of certifications?

Ballmer: With more than 2.7 million credentials worldwide, we are continually looking at ways to enable IT pros and developers to do their job better, and support the organizations for which they work.

In May, we launched a new MCP portal where MCPs can access exclusive tools relevant to their jobs, such as the MCP Career Center that helps MCPs find the best jobs posted by employers and partners; the MCP Certification Planner that analyzes different exam options and tracks their progress on passed exams; and MCP Transcript Share, which allows MCPs to demonstrate the validity of their credentials to existing or future employers. There will also be features that enable them to interact and communicate more easily with other MCPs and staff at Microsoft.

We also recently released new learning products and certifications that help IT pros skill up faster and demonstrate deeper knowledge around specific job skills. Microsoft E-Learning, for the latest technologies such as Windows Server System 2003, is now available on microsoft.com, and we recently released certification specializations for Security and Exchange, and a new desktop support technician certification—MCDST [Microsoft Certified Desktop Support Technician].

Microsoft will continue to invest significantly in new testing technology that enhances the types of exam questions and add simulations so that our customers gain the most relevant experience using real-world deployment and operational scenarios.

MCP: What does Microsoft do to protect the integrity of its certification credentials?

Ballmer: IT Professionals invest significant time and money to build their IT careers, and customers rely heavily on the outcome, which enables them to deploy and manage a secure and reliable technology infrastructure. As such, piracy is an issue we take very seriously. We work on an ongoing basis with a wide range of industry experts, partners, instructors and MCPs to ensure that the integrity of our test and MCP program is protected.

We combine progressive testing technologies that discourage rote memorization, and we replace exam items regularly. We also work closely with our global authorized testing centers to manage security, and are continually looking at the most effective policies and guidelines to deter cheating. Microsoft is also committed to working with governments and assisting law enforcement agencies where appropriate.

MCP: Is Microsoft attracting a different kind of employee from a decade ago? What will the culture be like a decade from now?

Ballmer: As the company has grown, the scope of positions that we hire for has broadened, but our employees continue to share a number of core values, including a passion for connecting with customers, a willingness to take on big challenges, integrity and honesty, being accountable, and a commitment to personal excellence and self-improvement. We're very focused on continuing to evolve our culture in a way that continues to serve both customers and employees well. For example, we're creating rigor around accountability and execution across everything we do—from employee goals to our internal business processes to the way we create and build our software.

MCP: What kind of research are the scientists in Microsoft Research working on these days?

Ballmer: There are more than 700 researchers in Microsoft Research labs around the world, primarily in
Redmond, Cambridge, Beijing and Silicon Valley, who are on the cutting edge of computer science in a diverse set of research fields. These researchers are coming up with innovative user interfaces using speech and computer vision technology, finding new ways to organize and understand digital information, improving fundamental computing performance and security, and inventing entirely new computing form factors—the list goes on. Our researchers publish countless research papers and play a significant role in the global computer science community. Our long-term investment in research is having a broad impact both on Microsoft and the technology industry.